Understanding PUMAKIT: A New Linux Rootkit Recent findings by cybersecurity researchers reveal a new Linux rootkit called PUMAKIT. This rootkit is particularly dangerous because it can escalate privileges, hide files and directories, and conceal itself from system tools. Most notably, PUMAKIT employs advanced techniques to evade detection, making it one of the most sophisticated threats…
The U.S. Department of Justice (DoJ) has made headlines with a significant crackdown on cybercrime. On Thursday, they announced the closure of an illicit marketplace named Rydox, which operated under the domains “rydox.ru” and “rydox.cc.” This marketplace was notorious for selling stolen personal information, access devices, and tools used for cybercrime and fraud. Law Enforcement…
Gamaredon Unveils New Android Spyware: BoneSpy and PlainGnome The Russia-linked state-sponsored threat actor known as Gamaredon has progressed in its techniques. This time, the group has been linked to two new Android spyware tools called BoneSpy and PlainGnome. This marks a significant development, as it is the first time this adversary has used mobile-only malware…
Cybersecurity Risks in Prometheus Monitoring Toolkit Cybersecurity researchers have issued warnings regarding a significant threat facing thousands of servers that host the Prometheus monitoring and alerting toolkit. These servers are exposed to severe risks, including information leakage, denial-of-service (DoS) attacks, and remote code execution (RCE) vulnerabilities. At the core of these issues is a lack…
SaaS Services and Their Impact on Operating Expenses for Modern Businesses SaaS (Software as a Service) services are one of the biggest drivers of operating expenses (OpEx) for modern businesses. As organizations increasingly rely on cloud-based platforms for various functions, managing SaaS budgets has become crucial. With Gartner projecting $247.2 billion in global SaaS spending…
Security Vulnerability in Apple's iOS and macOS: What You Need to Know Recent reports have uncovered a serious security vulnerability in Apple's iOS and macOS systems. This flaw, tracked as CVE-2024-44131, was discovered in the FileProvider component. If exploited, it could bypass the Transparency, Consent, and Control (TCC) framework, granting unauthorized access to sensitive information….
Critical Vulnerability in Hunk Companion Plugin: Risks and Solutions for WordPress Users Malicious actors are taking advantage of a critical vulnerability in the Hunk Companion plugin for WordPress. This flaw, known as CVE-2024-11972, has a CVSS score of 9.8, placing it in the high-risk category. If you are using this plugin, your website could be…
Global Law Enforcement Operation Targets DDoS Attack Services A global law enforcement operation recently dismantled 27 stresser services used to conduct distributed denial-of-service (DDoS) attacks. This effort was part of a multi-year international exercise known as PowerOFF. Coordinated by Europol and involving 15 countries, this operation took several booter and stresser websites offline, helping to…
Global Law Enforcement Operation Targets DDoS Attack Services A global law enforcement operation recently dismantled 27 stresser services used to conduct distributed denial-of-service (DDoS) attacks. This effort was part of a multi-year international exercise known as PowerOFF. Coordinated by Europol and involving 15 countries, this operation took several booter and stresser websites offline, helping to…
Overview of Secret Blizzard and Kazuar Malware The Russian nation-state actor known as Secret Blizzard has been noted for using malware associated with other threat actors. This analysis particularly focuses on how they deploy a notorious backdoor called Kazuar on devices located in Ukraine. According to the Microsoft threat intelligence team, these tactics signify an…